Rework Overview section
authored Aug 28, 2018 by Tim Beale
samba-functionality/overview.md @ 878c4ece
# Overview of Samba functionality
*
Samba is the standard Windows interoperability suite of programs for Linux and Unix.
*
Samba is the standard Windows interoperability suite of programs for Linux and Unix.
Samba was started by Andrew Tridgell as a SMB client and server to
connect between DEC Pathworks and a Sun Workstation. It quickly took
off once it was realised that it could be used by Microsoft Windows
clients and servers.
Samba is an open-source software project that dates back to 1992.
It takes the protocols that are essential to the operation of a Windows network
and provides support for them on Linux, Unix and Mac OS systems.
This allows the clients and servers in a network to be either Windows- or Samba-based,
and to seamlessly integrate together.
It contains many features, some of which are listed below.
Samba gives network administrators freedom in how they structure their networks.
Samba contains many features. _TODO_
operates as:
*
File server, as well as providing printing services.
*
Active Directory (AD) Domain Controller (DC)
## [File Server](https://www.samba.org/samba/docs/current/man-html/smbd.8.html)
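Review bot: the new introductory text leaves a placeholder behind at `Samba contains many features. _TODO_`, and the line that follows, `operates as:`, has lost its subject, so the rendered page would show a literal TODO followed by a sentence fragment; either finish the sentence (for example `Samba operates as:`) and drop the placeholder, or remove the `Samba contains many features.` line entirely, since the paragraph above already says `It contains many features, some of which are listed below.` and only one of the two "many features" sentences should survive.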
@@ -16,94 +23,65 @@ Windows clients. Samba translates between the NTFS file system semantics
expected by modern Windows clients and the POSIX file system on which it runs,
including locking, Access Control Lists and case insensitivity.
The file server is run from the
`smbd`
binary.
*
[
source3/smbd
](
https://git.samba.org/?p=samba.git;a=tree;f=source3/smbd
)
Core to the file server operations are the CIFS (Common Internet File System) SMB (Server Message Block) protocols.
### [Clustered file server (ctdb)](https://wiki.samba.org/index.php/CTDB_and_Clustered_Samba)
A clustered version of Samba is available using the
`
ctdb
`
binary to link
As well as being a file server, Samba can also function as:
*
_
[
Clustered file server (CTDB)
](
https://wiki.samba.org/index.php/CTDB_and_Clustered_Samba
)
_.
A clustered version of Samba is available using the
[
ctdb
](
https://git.samba.org/?p=samba.git;a=tree;f=ctdb
)
binary to link
multiple Samba servers that share a common file system into the
appearance of single SMB file server.
*
[
ctdb
](
https://git.samba.org/?p=samba.git;a=tree;f=ctdb
)
## [Print Server](https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Print_Server)
*
_
[
Print Server
](
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Print_Server
)
_.
As well as sharing files, Samba can share printers, which are either locally
attached or are remote printers connected to the local CUPS server.
attached or are remote printers connected to the local
[
CUPS
](
https://www.cups.org/
)
(
Common
UNIX Printing System)
server.
Samba can also provide automatic driver download to allow clients to
access and install the correct driver for available printers.
This can be used to create a central print server.
*
[
source3/rpc_server/spoolss
](
https://git.samba.org/?p=samba.git;a=tree;f=source3/rpc_server/spoolss
)
*
[
source3/printing
](
https://git.samba.org/?p=samba.git;a=tree;f=source3/printing
)
*
[
CUPS
](
https://www.cups.org/
)
## [Active Directory Domain Controller](https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller)
Active Directory is often described as a combined LDAP, Kerberos,
DCE/RPC and DNS server backed on to a common database
(
[
sam.ldb
](
../protocols-and-subsystems/sam.ldb
)
in Samba).
It provides secure centralised authentication, authorization to allow access to
different networked resources, as well as address-book services. The different
protocols provide different views of the underlying database as well as
a range of administrative capabilities.
Active Directory (AD) is a set of network services that run on a Domain Controller (DC).
The AD DC administers a _domain_ of users and computers.
The AD DC is responsible for verifying the identity of hosts in the network,
using a common database (or _directory_).
Since the protocols are generally views of a common data store, much of the
complexity in these services is actually in the abstraction layers of the
[
sam.ldb
](
../protocols-and-subsystems/sam.ldb
)
database.
Active Directory provides secure centralised authentication, authorization to allow access to
different networked resources, as well as address-book services.
A range of different network protocols are involved,
and Samba (specifically the
`samba`
binary) acts as server for each protocol.
All these services are run from the
`samba`
binary.
The server responsibilties include:
*
[
source4
](
https://git.samba.org/?p=samba.git;a=tree;f=source4
)
### LDAP
Many clients of Active Directory will contact Samba over LDAP to look up user
information or to perform administration. LDAP is the primary administrative
*
_LDAP Server_. LDAP (Lightweight Directory Access Protocol) is one way
AD clients look up user information or to perform administration.
LDAP is the primary administrative
interface to Active Directory and is generally the most comprehensive view of
the database. It is, however, the most unstructured way to manipulate data
stored in Active Directory and so, often must be used with care.
*
[
source4/ldap_server
](
https://git.samba.org/?p=samba.git;a=tree;f=source4/ldap_server
)
### Kerberos KDC
*
_Kerberos KDC_.
An extended Kerberos version 5 is core to Active Directory, and the AD
DC contains a Kerberos Key Distribution Center (KDC), the central
authentication server for this protocol.
*
[
source4/kdc
](
https://git.samba.org/?p=samba.git;a=tree;f=source4/kdc
)
### [DCE/RPC Server](dce-rpc-server)
*
_Database consistency_.
The common database is distributed across multiple Domain Controllers, whilst preserving database consistency.
This feature is called DRS (Directory Replication Service).
This implements as much of Microsoft's version of DCE/RPC as is
necessary for Samba, including key services like
[
LSA
](
dce-rpc-server#lsa
)
,
[
SAMR
](
../protocols-and-subsystems/samr
)
and
[
NETLOGON
](
dce-rpc-server#netlogon
)
*
_DNS Server_. Samba provides both an
internal DNS (Domain Name Service) server and a plugin for BIND 9.8 and above
### [Replication client and server](drs-replication)
*
_DCE/RPC Server_ for Microsoft protocols.
Key network services (e.g. LSA, SAMR, NETLOGON) actually operate over a common
transport called DCE/RPC. This will be explained in more detail later in the document.
DRS (Directory Replication Service) maintains consistent state across
multiple domain controllers.
### Group Policy server
Group Policy turns out to be quite simple on the server, it simply
consists of files that the clients download and parse, so this is
actually a function of the file server and the
`[netlogon]`
share. It
is critical for client security that access to this share only be made
*
_Group Policy server_. Samba acts as a
[
Group Policy
](
https://en.wikipedia.org/wiki/Group_Policy
)
server, although this simply consists of providing files that the clients download and parse.
So this is functionality is actually provided by the file server (via the
`[netlogon]`
share).
Note that it is critical for client security that access to this share only be made
over a SMB signed connection, and clients need to enforce this.
### DNS Server
DNS is a key part of Active Directory and Samba provides both an
internal DNS server and a plugin for BIND 9.8 and above
*
[
source4/dns_server
](
https://git.samba.org/?p=samba.git;a=tree;f=source4/dns_server
)
## [*Classic* or NT4-like Domain Controller](https://wiki.samba.org/index.php/Setting_up_Samba_as_an_NT4_PDC_(Quick_Start))
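Review bot: DRS is introduced twice in this hunk, once under the `_Database consistency_` bullet (`This feature is called DRS (Directory Replication Service).`) and again under `### [Replication client and server](drs-replication)` (`DRS (Directory Replication Service) maintains consistent state across multiple domain controllers.`); expand the acronym in one place and let the other refer to it. The `_DCE/RPC Server_` bullet says `This will be explained in more detail later in the document`, but the `### [DCE/RPC Server](dce-rpc-server)` heading links to a separate page, so point the reader at that link instead. Smaller points in the same hunk: `The server responsibilties include:` misspells "responsibilities"; `So this is functionality is actually provided by the file server` has a stray `is`; the LDAP bullet `is one way AD clients look up user information or to perform administration` should read `look up user information or perform administration`; and the DNS bullet ends without a full stop after `BIND 9.8 and above`. The requirement in the Group Policy bullet that the `[netlogon]` share only be accessed over an SMB-signed connection is the one client-security constraint in this section and is worth keeping exactly as written.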
@@ -133,7 +111,7 @@ supported.
A domain member is a server or workstation joined to an AD or NT4
domain which uses that domain as the source of authentication and
authorization for connecting users. This allows transparent access to
the reso
r
uces on that server without maintaining a distinct password list.
the resou
r
ces on that server without maintaining a distinct password list.
The primary use of a domain member server is as a file server, however
there are other interesting use cases:
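Review bot: the spelling fix from `resoruces` to `resources` is correct. While this paragraph is being touched, `The primary use of a domain member server is as a file server, however there are other interesting use cases:` is a comma splice; a semicolon before `however` (or splitting it into two sentences) would read better.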